javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Sometime you might have received this kind of exception while running your application. The main reason behind this error is, the URL you are trying to access have no valid certificate issued from an authorized CA. In such cases you have to add those certificates to your JRE to make it a valid one. By using the following steps, you can make it working.
Steps:
- Download security certificate from Server
- Open the URL from IE
- You will get a certificate related warning message. Click on view certificate and then Install certificate. Ignore warning messages if gets displayed.
- Now go to Tools->’Internet Options’ ->Content->Certificates.
- Locate the installed certificate from the list of certificates.
- Click “export” button and save it as “DER encoded binary” in somewhere in your PC.
- Add certificate to JRE
- Open a Command Prompt.
- Go to “bin” directory of your JRE.
- Use keytool command as follows to import the certificate to JRE.
- keytool -import -alias mycertificate -keystore ..\lib\security\cacerts -file c:\mycert.cer
- It will ask for a password. By default the password is “changeit“.
- Here I assume that your certificate is saved as “mycert.cer” in “c:\” directory.
Thats all. You have successfully added the SSL certificate to your JRE.
To confirm this use the following command.
keytool -list
It will display all the certificates added to the JRE cert.
I’m running behind this issue for past 1 week. can you please help?
Please send a test email to Sarah.Carlson@gmail.com and I’ll explain the steps I followed.
I really need your help. Please reply at the earliest.
Ah! My application was using JDK6 and I was updating the certificate in JDK8.
Anyway nice & helpful article man!!
Hi I am getting the same error as shown below:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at RestCall.getResponseFromPSH(RestCall.java:66)
at RestCall.main(RestCall.java:25)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
… 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
I followed the steps. but its not working. Kindly help me to fix it
Are you sure you added the certificate to the correct JRE?
How can I use HTTPS Basic Authentication when I call a SOAP service?
Hi Jyothis.
I am really struggling to come out of this error. I very badly need your belp. This is my email id vbsenthilinnet@gmail.com. Can you drop me a test email
This is good , but is there a way out for doing the same writing some java codes ?
Please check the following link:
http://www.jyothis.co.in/2012/07/12/setting-https-certificate-trusted-in-java/
please help i am also getting this error
——————–Configuration: ——————–
Exception in thread “main” javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1706)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:525)
at javax.mail.Service.connect(Service.java:291)
at javax.mail.Service.connect(Service.java:172)
at GoogleMail.Send(GoogleMail.java:93)
at GoogleMail.Send(GoogleMail.java:35)
at GoogleMail.main(GoogleMail.java:100)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1540)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:203)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:197)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:532)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:470)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:837)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1049)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1076)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1060)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:503)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:234)
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1672)
… 6 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:302)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:205)
at sun.security.validator.Validator.validate(Validator.java:235)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
… 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:191)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:297)
… 22 more
Process completed.
I believe you have already gone through the steps mentioned in this post? Please let me know otherwise.
Hi,
Am also facing same issue, can you help me in solving this issue.
Thanks,
Grani
Jyothis..
I am having the same error and am really bugged for 3 days..!!! its really screwing me now… In my application I have imported the trusted certificate in a different keystore which i am using in my application to trust it. Googled a lot and everyone is suggesting to add the trusted CA in jdk but its not possible since my application can be migrated to a different machine according to the requirement. Can you suggest me a possible solution ? thanks in advance
I am pasting you some of the error log that i am getting..
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
@Shoaib, Please check the following post in my blog, which may help to resolve your issue
http://wp.me/p2wUrz-1c
Thanks. It helped me solve the issue.